Internet Permissions

Since iOS 9, App Transport Security (ATS) requires that your app's network connections use HTTPS by default. Apple's current guidance is to use HTTPS everywhere and to avoid disabling ATS globally. If your app needs to load a resource that is only served over HTTP, add a narrow, domain-specific exception rather than turning ATS off for the entire app — see Apple's note "Fine-tune your App Transport Security settings" for the rationale.

For a deeper walkthrough of the available keys (including NSExceptionDomains, NSAllowsArbitraryLoadsInWebContent, NSAllowsArbitraryLoadsForMedia, and NSAllowsLocalNetworking), see the App Transport Security page.

Preferred: a domain-specific exception

Right-click Info.plist and Open As -> Source Code, then add an entry for only the host(s) you need to reach over HTTP:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
            <key>NSIncludesSubdomains</key><true/>
        </dict>
    </dict>
</dict>

Last resort: disabling ATS globally

NSAllowsArbitraryLoads turns ATS off for every network connection in your app. Apple discourages this and may require a justification when you submit to the App Store. Only use it during development or when you have no other option:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key><true/>
</dict>

Read More

• NSAppTransportSecurity reference
• Fine-tune your App Transport Security settings (Apple Developer news)